Skip to content

Cloudflare Zero Trust Token

Service Name: Cloudflare Zero Trust

Service Description: Cloudflare Zero Trust is a security platform that helps organizations secure their applications, networks, and employees using Cloudflare's global network. It provides secure access to internal and external resources through identity verification and context-based authentication.

Service Address: https://www.cloudflare.com/zero-trust/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through Cloudflare Access policies and Gateway rules.

Secret Access Scope: Grants programmatic access to Cloudflare Zero Trust services, including the ability to manage access policies, identity providers, and device posture checks.

Secret Revokement URL: https://dash.teams.cloudflare.com/

Secret Example: CF- ZT_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI 6IkNsb3VkZmxhcmUgWmVybyBUcnVzdCIsImlhdCI6MTUxNjIzOTAyMn0

Suspicious Activity Investigation Instructions:

  • Review Cloudflare Zero Trust logs for unusual access patterns or policy changes.
  • Check for unauthorized device connections or access attempts.
  • Monitor for changes to access policies or identity provider configurations.
  • Review audit logs for administrative actions taken with the token.
  • Verify if the token was used from unusual geographic locations or outside normal business hours.

Mitigation Instructions:

  • Log in to the Cloudflare Zero Trust dashboard at https://dash.teams.cloudflare.com/
  • Navigate to Settings > Account > API Tokens
  • Locate the compromised token and click "Revoke"
  • Generate a new token with appropriate permissions if needed
  • Review and update access policies to ensure they follow the principle of least privilege
  • Consider implementing additional security measures such as IP restrictions or device posture checks
  • Update any applications or services that were using the revoked token with the new token